Skip to content

Instantly share code, notes, and snippets.

@iworker

iworker/instruction.md

Last active June 24, 2023 00:23
Show Gist options
  • Star 2 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save iworker/92cce0ba79ae6cce5decd49ad862189b to your computer and use it in GitHub Desktop.
Save iworker/92cce0ba79ae6cce5decd49ad862189b to your computer and use it in GitHub Desktop.
Download ZIP
Install & configure Kerio VPN Client for docker-machine (with xhyve driver) and TinyCoreLinux installed as virtual machine on macOS
Raw
instruction.md
  1. Logging into docker-machine: docker-machine ssh default
  2. Create temporary working directory and changing to: mkdir kerio && cd kerio
  3. Download latest DEB-package of Kerio VPN client: wget https://cdn.kerio.com/dwn/kerio-control-vpnclient-linux-amd64.deb
  4. Unpack the package using ar utility: ar -x kerio-control-vpnclient-linux-amd64.deb
  5. Unpack internal archives:
tar -xzvf control.tar.gz
tar -xJvf data.tar.xz
  1. Copy all the shared libraries
sudo cp usr/lib/libkvnet.so /usr/lib
sudo cp usr/lib/libktssl.so.1.0.0 /usr/lib
sudo cp usr/lib/libktcrypto.so.1.0.0 /usr/lib
sudo cp usr/lib/libktz.so.1 /usr/lib
  1. Copy the binary executable file: sudo cp usr/sbin/kvpncsvc /usr/sbin/
  2. Copy the running script: sudo cp etc/init.d/kerio-kvc /etc/init.d/
  3. (optional) Installing vim (to edit configuration): tce-load -wi vim
  4. Generate fingerprint of the VPN server (4090 is the default port, could be any):
openssl s_client -connect "vpn-server.com:4090" 2>/dev/null | openssl x509 -fingerprint -md5 -noout | sed s'/.*=//'

(it would be necessary to break the connection using CTRL+C and copy the output value, which looks like: 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF)

  1. Create the Kerio VPN Client config: sudo vim /etc/kerio-kvc.conf (change server address, username and password, and fingerprint, also could be added port – using <port></port> param)
<?xml version="1.0" encoding="UTF-8"?>
<config>
  <connections>
    <connection type="persistent">
      <server>vpn-server.com</server>
      <username>{vpn-user}</username>
      <password>D3S:{password-hash}</password>
      <fingerprint>00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF</fingerprint>		       
      <active>1</active>
    </connection>
  </connections>
</config>

(the easiest way to configure is to copy params from macOS Kerio VPN client config, it's located here: ~/.kerio/vpnclient/user.cfg)

  1. Change mode of the config: sudo chmod 0600 /etc/kerio-kvc.conf
  2. Run the VPN Client: sudo /etc/init.d/kerio-kvc start

Another way is to run full script:

  1. Replace environment variables with your values:
export VPN_SERVER=<VPN_URL> PASSWORD_HASH=<PASSWORD_HASH> VPN_USER=<VPN_USER>
  1. Run script:
mkdir kerio && cd kerio
wget https://cdn.kerio.com/dwn/kerio-control-vpnclient-linux-amd64.deb
ar -x kerio-control-vpnclient-linux-amd64.deb
tar -xzvf control.tar.gz
tar -xJvf data.tar.xz
sudo VPN_SERVER=$VPN_SERVER PASSWORD_HASH=$PASSWORD_HASH VPN_USER=$VPN_USER su
cp usr/lib/libkvnet.so /usr/lib
cp usr/lib/libktssl.so.1.0.0 /usr/lib
cp usr/lib/libktcrypto.so.1.0.0 /usr/lib
cp usr/lib/libktz.so.1 /usr/lib
cp usr/sbin/kvpncsvc /usr/sbin/
cp etc/init.d/kerio-kvc /etc/init.d/
export VPN_FGPT=$(openssl s_client -connect "${VPN_SERVER}:4090" 2>/dev/null | openssl x509 -fingerprint -md5 -noout | sed s'/.*=//' &)
cat > /etc/kerio-kvc.conf <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<config>
  <connections>
    <connection type="persistent">
      <server>${VPN_SERVER}</server>
      <username>${VPN_USER}</username>
      <password>D3S:${PASSWORD_HASH}</password>
      <fingerprint>$VPN_FGPT</fingerprint>		       
      <active>1</active>
    </connection>
  </connections>
</config>
EOF

chmod 0600 /etc/kerio-kvc.conf
/etc/init.d/kerio-kvc start
exit
@uzbekdev1
Copy link

thx

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment